Problem/Motivation

This took a while to track down and may not seem like that big of a bug at first, but it's a fairly major one if your site relies heavily on dialogs/modals.

The easiest way to explain the issue is to use the closeOnEscape boolean value as an example.

When this option is passed via AJAX, it passes the actual value of false. This value is subsequently converted into a string representation due to how PHP works when it reaches DialogRenderer or ModalRenderer and becomes "false".

Thus, when it's actually passed back to JavaScript as AJAX commands in a response to actually open said dialog/modal, its actual value (a string) is treated as a positive value. This is because most code, if not all, expects this to be a boolean and treats it as such with statements like if (options.closeOnEscape).

For more details, see #2978392: Mapped option closeOnEscape doesn't work as expected.

Proposed resolution

Filter, sanitize and cast passed dialogOptions to proper values.

Remaining tasks

  • Create patch
  • Create test(s)

User interface changes

None

API changes

None

Data model changes

None

CommentFileSizeAuthor
#18 3014136-nr-bot.txt143 bytesneeds-review-queue-bot
#14 3014136-9.patch3.74 KBwmcmillian
#8 3014136-8.patch4.57 KBmarkhalliwell
#8 interdiff-3014136-5-8.txt1.84 KBmarkhalliwell
#5 3014136-5.patch4.32 KBmarkhalliwell
#5 interdiff-3014136-2-5.txt3.29 KBmarkhalliwell
#2 3014136-2.patch3.54 KBmarkhalliwell

Comments

markcarver created an issue. See original summary.

markhalliwell’s picture

markhalliwell
Primary language English
commented
Status: Active » Needs review
StatusFileSize
new 3014136-2.patch3.54 KB

Here's a patch that implements the very basic dialogOptions provided by jQuery UI itself. I know that core has its own dialogOptions it also sometimes passes, but not entirely sure if this is the best approach yet. I do like the explicit nature of this, but perhaps a more permissive filter that just checks if values are numeric or boolean like and then automatically converts just those?

markhalliwell’s picture

markhalliwell
Primary language English
commented
Issue summary: View changes

Status: Needs review » Needs work

The last submitted patch, 2: 3014136-2.patch, failed testing. View results

markhalliwell’s picture

markhalliwell
Primary language English
commented
Status: Needs work » Needs review
StatusFileSize
new interdiff-3014136-2-5.txt3.29 KB
new 3014136-5.patch4.32 KB

After discussing this with @plach, I think the simplest solution is to just serialize the data as JSON before it's sent and then deserialize it server side. This way it preserves the data types and we don't have to essentially keep a running schema definition which would constantly be under revision.

Status: Needs review » Needs work

The last submitted patch, 5: 3014136-5.patch, failed testing. View results

markhalliwell’s picture

markhalliwell
Primary language English
commented
Issue tags: +JavaScript, +modal dialog

Tagging it to get some more eyes on this. Not entirely sure why those tests are failing...

markhalliwell’s picture

markhalliwell
Primary language English
commented
Status: Needs work » Needs review
StatusFileSize
new interdiff-3014136-5-8.txt1.84 KB
new 3014136-8.patch4.57 KB

Seems overriding the existing variable causes some sort of serialization recursion. Using a new dedicated variable instead.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

wmcmillian’s picture

wmcmillian commented
Version: 9.3.x-dev » 9.2.x-dev
Issue tags: -JavaScript +JavaScript
StatusFileSize
new 3014136-9.patch3.74 KB

Reroll patch for v9.20

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.1.10 (June 4, 2021) and Drupal 9.2.10 (November 24, 2021) were the last bugfix releases of those minor version series. Drupal 9 bug reports should be targeted for the 9.3.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.9 was released on December 7, 2022 and is the final full bugfix release for the Drupal 9.4.x series. Drupal 9.4.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.5.x-dev branch from now on, and new development or disruptive changes should be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

needs-review-queue-bot’s picture

needs-review-queue-bot commented
Status: Needs review » Needs work
StatusFileSize
new 3014136-nr-bot.txt143 bytes

The Needs Review Queue Bot tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

Version: 9.5.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.